Although some of the furor over WikiLeaks has slowed down some, make no mistake; the whistleblower website has not gone away. In fact it seems to have blended into the Internet, making "online whistleblower" a term we'll be hearing over and over for the foreseeable future, not just for WikiLeaks but copycat sites as well. Just the words "big U.S. bank" and WikiLeaks in the same sentence caused Bank of America's stock to drop. That a website could have such power, costly in Bank of America's case, is new. But the seeds of WikiLeaks are as old as human nature and it's not only governments that will feel the sting of an outed secret.
So what can enterprises do to keep their content from winding up on WikiLeaks' website or some other exposé forum?
Let's start by pointing out that there's little that can be done if your company has a disgruntled employee with legitimate access to confidential information. Large organisations simply have a statistical chance of employing a dishonest person or someone with an axe to grind. While core security technology such as virtual private network (VPN), firewalls, or data leak detection will reduce the danger, handling the human element is best done by good human resource people with adequate screening.
But enterprises can do much to keep a leak from occurring. Like leaving your house unlocked and hoping for the best, enterprises need to not overlook the obvious. In this case, do not make your content easy prey for unauthorised eyes. That is the first step. But say an employee has authorised access to a sensitive document. He or she has the "reading" privilege and can save the document or a part of it on his or her hard drive or memory stick. At that point, the security of your enterprise applications no longer applies. Now you must worry about the security of the flash memory drive - and that's not much security.
Many enterprises do not realise what valuable data is sitting on hard drives, on laptops and on mobile devices. That leaves them vulnerable to a myriad of nasty possibilities ranging from seeing their trade secrets slip out to their competitors, losing first-to-market advantage and even legal problems. For example, an old document resurfaces causing your company potential embarrassment or worse. Organisations are advised to dispose of information after prescribed retention periods, but maybe someone kept a copy and now that 20-year-old document has become a liability.
By their very nature, enterprise content management tools can go a long way towards heading off these scenarios. It is inherent to content management systems to have security through access control, authentication and authorisation to make sure only the right people have access to the right documents. Originally conceived as a way to protect intellectual property, digital rights management (or just rights management) is now allowing companies to encrypt content and thus enforce security no matter where it travels. If I receive a document in an e-mail, that document will be checked and my level of authorisation will determine if I can save it locally, print it or forward it. Proper rights management could prevent sensitive records from winding up on a stolen employee laptop, for example.
Sign up for Computerworld eNewsletters.